From: Alex Lyashkov
To: Julian Elischer
Cc: Robert Watson, freebsd-arch@freebsd.org
Subject: Re: jail extensions
Date: Sat, 10 Jun 2006 22:52:44 +0300
Organization: Positive Software
Message-Id: <1149969164.3215.66.camel@berloga.shadowland>
In-Reply-To: <44897693.5050306@elischer.org>
List-Id: Discussion related to FreeBSD architecture

On Fri, 09.06.2006 at 16:24, Julian Elischer wrote:
> Alex Lyashkov wrote:
>
> >> 2) In the MOD_LOAD case, run a loop over each prison and init private
> >> data for this module in all contexts. This way the module always
> >> 'exists' in all contexts.
> >> And disable module compiling (loading) when the module isn't marked
> >> jail safe.
> >>
> > Example for this way:
> > http://cvs.freevps.com/index.cgi/kernel/include/linux/freevps/s_context_xfrm.h?rev=1.3
> > http://cvs.freevps.com/index.cgi/kernel/net/ipv4/ah4.c?rev=1.3
> > ah4_init/ah4_fini functions.
> >
>
> This is the bit that is obvious.
>
> The hard bit is the non-obvious difficulty of changing all existing
> modules in such a way that they can be compiled both in the new way,
> and in a way that they are still compiled the old way.
>
> You need to put all the currently global variables into a structure that
> can be instantiated for each jail, but in order to make this continue to
> work in the existing system, they still need to be compiled as a global
> when the normal build is made.
>
> For this reason Marco and I were looking at various macros that can be
> defined to allow the variables to be compiled both ways.
>
> For example:
>
> int xx;
> static int yy;
> struct a {
>     int aa;
>     int bb;
> } cc;
>
> might become:
>
> VM_GLOBAL_START(modname)
> int xx;
> VMG_STATIC int yy;
> struct a {
>     int aa;
>     int bb;
> } cc;
> VM_GLOBAL_STOP(modname)
>
> You would access these as:
> VM_GLOBAL(modname, yy) = 2
> foobar( VM_GLOBAL_STRUCT(cc, modname)->bb);
>
> or similar.
>

And I can't find any benefits of giving up the old way when creating a
per-module

struct module_data_$name {
    int xx;
    int yy;
    struct a {
        int aa;
        int bb;
    } cc;
};

and using access as $name_data(context, yy) = 2.
For a non-jail kernel it should be converted to always access via
prison0.

The main difficulty is converting access to variables to use macros, not
creating the struct.

Can anybody review my patch and point out any wrong parts?

-- 
Alex Lyashkov
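
The per-module struct, context accessor and MOD_LOAD loop discussed in this message, as an added C example that is not code from the thread, FreeBSD or FreeVPS. `struct demo_prison`, `pr_moddata`, `foo_data`, `foo_modload`, `foo_modunload` and the `DEMO_NO_JAILS` switch are hypothetical names, and userland `calloc` stands in for kernel allocation.

```c
#include <stdlib.h>
/* Hypothetical stand-in for the kernel's per-jail object (assumption). */
struct demo_prison { void *pr_moddata; };  /* private data of module "foo" */
/* The module's former globals, gathered into one per-context struct. */
struct module_data_foo { int xx; int yy; struct a { int aa; int bb; } cc; };
static struct demo_prison prison0 = { NULL };  /* host context */

#ifdef DEMO_NO_JAILS   /* non-jail build: every access goes through prison0 */
#define foo_data(ctx, field) (((struct module_data_foo *)prison0.pr_moddata)->field)
#else                  /* jail build: each context sees only its own copy */
#define foo_data(ctx, field) (((struct module_data_foo *)(ctx)->pr_moddata)->field)
#endif

/* MOD_UNLOAD: release the private data of the first n contexts. */
static void foo_modunload(struct demo_prison **all, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        free(all[i]->pr_moddata);
        all[i]->pr_moddata = NULL;
    }
}

/* MOD_LOAD: give every existing context a zeroed instance, or none at all. */
static int foo_modload(struct demo_prison **all, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        all[i]->pr_moddata = calloc(1, sizeof(struct module_data_foo));
        if (all[i]->pr_moddata == NULL) {
            foo_modunload(all, i);   /* roll back the contexts already set up */
            return -1;
        }
    }
    return 0;
}

/* Returns 1 when writes made in jail 1 are not visible from prison0. */
static int demo_isolated(void)
{
    struct demo_prison jail1 = { NULL };
    struct demo_prison *all[] = { &prison0, &jail1 };
    if (foo_modload(all, 2) != 0)
        return -1;
    foo_data(&jail1, yy) = 2;
    foo_data(&jail1, cc.bb) = 7;
    int ok = foo_data(&prison0, yy) == 0 && foo_data(&jail1, yy) == 2 &&
             foo_data(&prison0, cc.bb) == 0 && foo_data(&jail1, cc.bb) == 7;
    foo_modunload(all, 2);
    return ok;
}
```

Built with `-DDEMO_NO_JAILS`, the same source routes every access to `prison0`, so `demo_isolated()` returns 0 because the two contexts then share one instance.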